HW for 100Mb firewall

To: misc_(_at_)_openbsd_(_dot_)_org

Subject: HW for 100Mb firewall

From: James Thompson <jamest_(_at_)_math_(_dot_)_ksu_(_dot_)_edu>

Date: Fri, 19 Nov 1999 14:32:18 -0600 (EST)

I'm interested in setting up a firewall for our department using OpenBSD.
I've never set up an OpenBSD firewall, though I've got basic firewalling
working on a Linux box at home.
I was thinking about a system with 3 NICs (either 3c905b's or Intel
EtherExpress Pro 10/100s), 1 for the outside world, 1 for our private
net, and 1 for a network of semi-trusted hosts (i.e. webserver). I was
planning on picking up something along the lines of a P3-500 w/ 256MB of
RAM and running Squid on it as a web accelerator/proxy in addition to the
firewalling features.
The main campus networking person said that a P3-500 probably wouldn't
hold up to the load of saturated 100Mb lines and that I would be better
off purchasing a $10,000 router instead. Ouch. We currently don't come
close to saturating our 100Mb outside line (sitting at 2% usage now) and I
don't foresee that changing in the near to mid future. I'm having a hard
time accepting that a P3-500 can't handle a fair amount of traffic but I
don't have any real world experience with this. How much throughput can a
person expect from the above hardware? What kinds of bottlenecks would a
person face and would there be any additional steps a person should take
to avoid those bottlenecks?
TIA
James
->->->->->->->->->->->->->->->->->->---<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<
James Thompson 138 Cardwell Hall Manhattan, Ks 66506 785-532-0561
Kansas State University Department of Mathematics
->->->->->->->->->->->->->->->->->->---<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<